Silver Economy & GDPR: Compliant B2B Prospecting for Senior Services

Article 6.1.f of the GDPR (legitimate interest) is the correct basis for B2B prospecting in the silver economy sector — including when targeting employees of public bodies, provided three conditions are met: the contact is reached in their professional capacity, the message is directly relevant to their professional function, and the right to object is clearly and simply offered.

A care quality coordinator at a care home group receiving a message about a fall detection system is being contacted in their professional capacity on a matter directly relevant to their function. This falls within legitimate interest. The same coordinator receiving a message about personal financial planning products would not — the functional relevance test fails.

Particular attention must be paid to public sector employees of local authorities (county council dependency teams, municipal social care offices). In France, public sector employees are protected by the same GDPR provisions as private sector employees for commercial prospecting — the public nature of their employer does not create a blanket exception, nor does it impose more restrictive rules. The legitimate interest basis applies equally.

The silver economy B2B prospecting context creates two specific GDPR risks not present in most other sectors. First, incidental processing of health-related data: when prospecting care home or domiciliary care operators, the business context may involve referencing beneficiary populations, care outcomes or health indicators. GDPR Article 9 prohibits processing of health data without explicit consent or another specific legal basis — even in a B2B context, including health statistics in prospecting messages can create compliance exposure if not carefully scoped.

Second, the beneficiary data risk: some silver economy B2B databases (particularly for telecare and home help services) include information derived from beneficiary eligibility or care need data. These databases, even when they contain only organisational-level data, may be derived from special-category source data. Verifying the legal basis of your data provider is essential. At Lead-Gene, all data sources used in silver economy campaigns are verified against the criteria in our GDPR compliance guide.

The safest approach in silver economy B2B: confine prospecting data to professional identity information (name, title, organisation, professional email, professional phone) derived from publicly accessible professional registries (FINESS, ORIAS, professional associations). Avoid databases derived from beneficiary eligibility, dependency assessment or care needs data, even if offered at the institutional rather than individual level.

Opt-out management in the silver economy sector has two specific characteristics. First, staff turnover is high: care home director turnover runs at 22% annually, domiciliary care coordinator turnover is higher. This means opt-out lists require quarterly hygiene — contacts who have left their role are not subject to the same opt-out obligation, and their successors have not opted out. Correctly managing the relationship between contact-level and organisation-level opt-outs is an operational compliance requirement.

Second, institutional email addresses sometimes forward to shared inboxes or are monitored by multiple users. An opt-out from a shared inbox must be treated as an opt-out for the entire organisational unit, not just the individual who actioned it. Failing to implement this at the system level creates re-contact risk for contacts who share an inbox.

Lead-Gene's silver economy campaigns implement a two-level opt-out: contact-level (individual email address suppression) and organisation-level (domain-level suppression when the opt-out is submitted from a shared or role-based address). This architecture ensures compliance with the spirit of the GDPR opt-out right even in the structurally complex silver economy institutional environment.

GDPR-compliant data retention for B2B prospecting data is capped at 3 years from the last contact or end of commercial relationship. In the silver economy sector, the high staff turnover means that 3-year retention for individual contacts often outlasts the contact's tenure in the relevant role. Best practice: apply a 24-month retention period for individual contact data in this sector, with annual verification of role continuity for high-value accounts.

The processing register (GDPR Article 30) for silver economy campaigns must document: the purpose (commercial prospecting for [describe your service category]), the legal basis (legitimate interest, with the three-criterion test documented), the data categories (professional identity, professional contact details), the data sources (FINESS registry, ORIAS registry, LinkedIn public profile, sector association directories), the retention period, and the sub-processors used (data enrichment providers, email sending tools, CRM).

If you are prospecting simultaneously in EU member states and Switzerland, maintain separate processing register entries for each regulatory regime (GDPR for EU, revDPA for Switzerland), as the documentation requirements differ in scope and format. The practical solution is to use the GDPR documentation format as the universal baseline — it satisfies the revDPA requirements and is accepted by the Swiss FDPIC.

Before launching any silver economy B2B prospecting campaign: ☑ All contact data sourced from documented public professional registries. ☑ No health-related data included in prospect profiles or email content. ☑ Processing register entry created for the campaign with all required fields. ☑ One-click unsubscribe link present in every email. ☑ Sender identity fully disclosed (name, role, company, physical address). ☑ Functional relevance test applied — message directly relevant to the recipient's professional function. ☑ Opt-out list from previous campaigns applied to deduplicate the new list. ☑ 24-month contact retention policy applied to the new database.

During the campaign: ☑ Opt-out requests processed within 72 hours. ☑ Organisation-level opt-outs applied where relevant. ☑ Email deliverability monitored for spam complaint rates (alert threshold: 0.1%). ☑ Processing register updated with any new sub-processors added during the campaign.

At campaign close: ☑ Contact database transferred to CRM with retention timestamp. ☑ Contacts who did not respond after all touches moved to long-term nurturing list with 12-month re-activation permission check. ☑ Sub-processor list reviewed for any changes during the campaign period. ☑ Campaign performance documented for future legitimate interest balance-of-interests assessment updates.